package com.example.springsecurity.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class WebSecurityConfig  extends WebSecurityConfigurerAdapter {
//    用户的对象
//    @Autowired
//    private MyUserService myUserService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication().passwordEncoder(passwordEncoder())//角色和用户都放在内存中 //这里必须加密，新版本的特性
            .withUser("user").password(passwordEncoder().encode("password")).roles("USER").and() //制定用户和角色
            .withUser("admin").password(passwordEncoder().encode("password")).roles("USER", "ADMIN");
//        auth.userDetailsService(myUserService).passwordEncoder(new MyPasswordEncoder());
//        auth.jdbcAuthentication().authoritiesByUsernameQuery("").groupAuthoritiesByUsername("");

//    @Autowired
//    private DataSource dataSource; //提供数据库校验方式
//        auth
//                .jdbcAuthentication()
//                .dataSource(dataSource)
//                .withDefaultSchema()
//                .withUser("user").password("password").roles("USER").and()
//                .withUser("admin").password("password").roles("USER", "ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/resources/**", "/signup", "/about").permitAll() //允许所有
                .antMatchers("/admin/**").hasRole("ADMIN") //指定角色能访问
                .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')") //指定多个角色访问
                .anyRequest().authenticated() //任何请求都要验证
                .and()
                .formLogin() //允许表单登录
//                .loginPage("/login").permitAll() //允许访问
                .and()
                .logout().permitAll()
                .logoutUrl("/logout") //设置退出uri默认是 /logout
                .logoutSuccessUrl("/login?logout")//注销之后跳转的URL。默认是/login?logout。
                .and()
        ;
//                .csrf().disable();
//            .logoutSuccessHandler(logoutSuccessHandler)
//            .invalidateHttpSession(true) //session失效
//            .addLogoutHandler(logoutHandler)
//            .deleteCookies(cookieNamesToClear);
        }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/js/**","/css/**","/images/**");
    }

    //加密方式
    private PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
